Black Hat talk 2018: Unveiling new capabilities of Stealth Mango

July 20, 2018
Download Case Study


Las Vegas

Why Stealth Mango should be on enterprise security minds

This year's talk focuses on Stealth Mango, Android and iOS surveillanceware tools targeting government officials, diplomats, military personnel, and activists, specifically in Pakistan, Afghanistan, India, Iraq, and the UAE. The surveillanceware is one of what we call mobile advanced persistent threats, or mAPTs, and it's only one of the many mobile threats enterprises should be keeping tabs on, despite its current focus on military and government personnel.

The surprising piece, however, is that while the operation itself is sophisticated, the malware itself is not especially impressive. It relies primarily on phishing to infect vicitm's devices and requires no exploits to perform its spying. This means it's fairly simple to get one of these types of attacks up and running, and even simpler to compromise targets.

What: Stealth Mango and the Prevalence of Mobile Surveillanceware

When: Thursday, August 9 at 11:00 AM

Where: Jasmine Ballroom, Mandalay Bay


Andrew Blaich and Michael Flossman

"Threat actors come in all shapes, sizes, and abilities. Stealth Mango is a great example of this. It proves that a simple solution can actually provide more ROI for the actor — and devastation for the victims — than complicated ones."

Andrew Blaich, Head of Device Intelligence, Lookout

What you'll learn at this talk

At this talk, Flossman and Blaich will unveil the new in-house capabilities of the nation state actor behind Stealth Mango. They will also dive into details about the group of freelance developers behind the surveillanceware who primarily release commodity spouse-ware but moonlight by selling their own custom surveillanceware to state actors.

Check out the talk abstract here and the full Stealth Mango technical report here.

Interested in learning how Lookout can protect your organization from mobile surveillanceware? Contact us today.  

No items found.

Discover how Lookout can protect your data